Closed
Bug 603322
Opened 14 years ago
Closed 14 years ago
new[] mismatch with delete instead of delete[] in TVariable::shareConstPointer
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | - |
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, crash)
Attachments
(1 file)
|
635 bytes,
patch
|
Details | Diff | Splinter Review |
Note: mismatched allocators can result in heap corruption. This isn't just a crash, it's actually *bad*.
71 class TVariable : public TSymbol {
72 public:
85 ConstantUnion* getConstPointer()
87 if (!unionArray)
88 unionArray = new ConstantUnion[type.getObjectSize()];
90 return unionArray;
93 ConstantUnion* getConstPointer() const { return unionArray; }
95 void shareConstPointer( ConstantUnion *constArray)
97 delete unionArray;
98 unionArray = constArray;
944 bool TParseContext::executeInitializer(TSourceLoc line, TString& identifier, TPublicType& pType,
980 if (qualifier == EvqConst) {
992 if (initializer->getAsConstantUnion()) {
993 ConstantUnion* unionArray = variable->getConstPointer();
994
995 if (type.getObjectSize() == 1 && type.getBasicType() != EbtStruct) {
997 } else {
998 variable->shareConstPointer(initializer->getAsConstantUnion()->getUnionArrayPointer());
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
Needs to be filed at http://code.google.com/p/angleproject/ -- please file further ANGLE bugs there.
|
||
Updated•14 years ago
|
blocking2.0: ? → -
fixed with the landing of bug 616290
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•